Current information security prevention systems have several shortcomings: a single source of data, an incomplete architecture, and no post-processing of alert information. To address these, we present a framework for security event management based on mobile agent technology. In the framework, different agents are designed for different functions and roles, and these agents communicate and collaborate securely. By virtue of the autonomy, mobility, inferential capability and social ability of mobile agents, the numerous security events that may appear at many locations in the network can be efficiently detected and verified by the sensor agent and the verification agent. Furthermore, the correlation agent correlates the purified security events globally on the basis of the temporal, causal, spatial and statistical relations among them. We select Aglet as the platform and develop a security event management system (SEMS). Finally, through several multi-step attack scenarios, the effectiveness and the advantages of mobile agent technology for security event management are verified.
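As an added illustration of what the correlation agent's four relations mean in practice (not code from the SEMS paper or from the Aglet platform, which is Java-based), the following Python example merges a burst of port probes into one scan event (statistical relation) and then chains scan, exploit, privilege escalation and exfiltration against the same host into a multi-step attack scenario (temporal, causal and spatial relations). The event schema, the prerequisite chain `scan -> exploit -> priv_esc -> exfil`, the thresholds and the sample events are all constructed assumptions for the demo, not values from the paper.

```python
"""Correlation of purified security events into multi-step attack scenarios.

Added illustration for the correlation agent described in the abstract; it is
not code from the SEMS paper or from the Aglet platform. The event schema,
the prerequisite chain, the thresholds and the sample events are constructed
assumptions for this demo.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    ts: float     # seconds; drives the temporal relation
    sensor: str   # sensor agent that reported the event
    host: str     # affected asset; drives the spatial relation
    src: str      # originating address
    kind: str     # normalized event type


# Causal relation (hypothetical chain): each step presupposes the previous
# step on the same host: scan -> exploit -> priv_esc -> exfil
CAUSAL_PREREQ = {"exploit": "scan", "priv_esc": "exploit", "exfil": "priv_esc"}


def statistical_merge(events, kind="port_probe", window=60.0, threshold=5):
    """Statistical relation: collapse `threshold` or more probes from one src
    against one host inside `window` seconds into a single 'scan' event.
    Probe bursts below the threshold are dropped as noise; other kinds pass."""
    merged = [e for e in events if e.kind != kind]
    groups = defaultdict(list)
    for e in events:
        if e.kind == kind:
            groups[(e.src, e.host, e.sensor)].append(e)
    for (src, host, sensor), probes in groups.items():
        probes.sort(key=lambda e: e.ts)
        bucket = []
        for e in probes + [None]:  # None is a sentinel that flushes the last bucket
            if e is not None and (not bucket or e.ts - bucket[0].ts <= window):
                bucket.append(e)
                continue
            if len(bucket) >= threshold:
                merged.append(Event(bucket[0].ts, sensor, host, src, "scan"))
            bucket = [e] if e is not None else []
    return sorted(merged, key=lambda e: e.ts)


def correlate(events, max_gap=600.0):
    """Temporal + causal + spatial relations: an event joins the chain whose
    last step is its causal prerequisite (causal), on the same host (spatial),
    and happened earlier but no more than `max_gap` seconds before (temporal)."""
    chains = []
    for e in sorted(events, key=lambda x: x.ts):
        prereq = CAUSAL_PREREQ.get(e.kind)
        if prereq is None:
            if e.kind == "scan":          # a scan opens a new candidate chain
                chains.append([e])
            continue
        open_chains = [c for c in chains
                       if c[-1].kind == prereq and c[-1].host == e.host
                       and 0 < e.ts - c[-1].ts <= max_gap]
        if open_chains:
            # attach to the most recent matching chain
            max(open_chains, key=lambda c: c[-1].ts).append(e)
    return chains


def attack_scenarios(events, min_steps=3):
    """Full pipeline: chains long enough to count as a multi-step attack,
    each reported as (host, [step kinds in order])."""
    return [(c[0].host, [e.kind for e in c])
            for c in correlate(statistical_merge(events))
            if len(c) >= min_steps]


# Constructed sample: one intrusion against 10.0.1.20, plus noise that must
# not be correlated (a short probe burst, an exploit with no preceding scan).
SAMPLE = (
    [Event(t, "dmz-ids", "10.0.1.20", "198.51.100.7", "port_probe") for t in range(0, 60, 10)]
    + [Event(t, "dmz-ids", "10.0.9.9", "198.51.100.7", "port_probe") for t in (5, 15, 25)]
    + [
        Event(120.0, "host-20-hids", "10.0.1.20", "198.51.100.7", "exploit"),
        Event(200.0, "host-07-hids", "10.0.2.7", "203.0.113.4", "exploit"),
        Event(300.0, "host-20-hids", "10.0.1.20", "10.0.1.20", "priv_esc"),
        Event(540.0, "egress-fw", "10.0.1.20", "10.0.1.20", "exfil"),
    ]
)

if __name__ == "__main__":
    for host, steps in attack_scenarios(SAMPLE):
        print(f"multi-step attack on {host}: {' -> '.join(steps)}")
```

The three-probe burst against 10.0.9.9 never becomes a scan, and the lone exploit against 10.0.2.7 has no prerequisite chain to join, so only the 10.0.1.20 sequence is reported; in a deployment the thresholds, the gap and the prerequisite table would be tuned per environment rather than fixed as here.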